Commit graph

1509 commits

Author SHA1 Message Date
dependabot[bot]
e7fd4c6bc4
Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6 (#412)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.6/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.5...6.5.6)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:56 +02:00
dependabot[bot]
b894cdd6ce
Bump smarty/smarty from 3.1.43 to 3.1.45 (#413)
Bumps smarty/smarty from 3.1.43 to 3.1.45.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:20 +02:00
dependabot[bot]
6731fcdf96
Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 (#406)
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.6.1 to 1.8.5.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.8.5/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/1.6.1...1.8.5)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 09:11:45 +02:00
Pierre Rudloff
3d09289104 Merge branch 'hotfix/3.0.3' 2022-03-08 09:33:44 +01:00
Pierre Rudloff
8913f27716 Disable the generic extractor entirely
It can be used for SSRF attacks even when redirects are disabled
2022-03-08 09:29:57 +01:00
Pierre Rudloff
148a171b24 Merge branch 'hotfix/3.0.2' 2022-02-27 12:32:36 +01:00
Pierre Rudloff
1b099bb983 Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
2022-02-27 12:30:15 +01:00
Pierre Rudloff
3a4f09dda0 Prevent SSRF requests
By validating the provided URL before passing it to youtube-dl
2022-02-27 11:00:33 +01:00
Pierre Rudloff
2afbfb4bf2 fixup! Don't redirect to REQUEST_URI when browsing to index.php Instead, we can make sure everything works correctly on index.php 2022-02-20 14:06:59 +01:00
Pierre Rudloff
3ab22c654a Merge branch 'hotfix/3.0.1' 2022-02-20 13:31:40 +01:00
Pierre Rudloff
bc14b6e45c Don't redirect to REQUEST_URI when browsing to index.php
Instead, we can make sure everything works correctly on index.php
2022-02-20 13:28:57 +01:00
Pierre Rudloff
cf82f1cc8f
Add security policy 2022-02-19 20:47:53 +01:00
dependabot[bot]
fb78ecb410 Bump smarty/smarty from 3.1.39 to 3.1.43 (#383)
Bumps smarty/smarty from 3.1.39 to 3.1.43.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-13 00:05:49 +01:00
Pierre Rudloff
eeda434b2f Merge branch 'release-3.0.0' 2021-04-20 23:16:45 +02:00
Pierre Rudloff
b902c9027b Upgrade youtube-dl to 2021.04.01 (fixes #349) 2021-04-02 21:05:50 +02:00
Advizormcpe1
be3f7d9a82 Updated japanese translation 2021-02-28 18:34:07 +01:00
Pierre Rudloff
97d6532388 Merge branch 'master' into develop 2021-02-26 22:53:09 +01:00
dependabot[bot]
6ab19b6d84
Bump smarty/smarty from 3.1.33 to 3.1.39 (#346)
Bumps smarty/smarty from 3.1.33 to 3.1.39.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-26 22:48:17 +01:00
Pierre Rudloff
73e4fc1b13 Missing root_path service in tests 2021-02-22 21:16:29 +01:00
Pierre Rudloff
9688244285 Remove donation links 2021-02-22 21:12:23 +01:00
Pierre Rudloff
104a866188 Japanese translation 2021-02-22 21:10:58 +01:00
Pierre Rudloff
3cfd450258 Use a stable release of debugbar-smarty 2021-02-11 19:36:11 +01:00
Pierre Rudloff
1e17dff21e Use the new root_path service to make some code more portable 2021-02-09 22:35:32 +01:00
Pierre Rudloff
f2be3a7e5b Use relative paths on debug error page 2021-02-09 22:31:41 +01:00
Pierre Rudloff
9a27e7764a Upgrade grumphp to 1.3
In order to use the new securitychecker_enlightn task
2021-02-07 13:40:02 +01:00
Pierre Rudloff
36ba147430 phpstan update 2021-02-07 12:42:03 +01:00
Pierre Rudloff
50fe879f16 Add route info to debug bar 2021-02-07 12:24:16 +01:00
Pierre Rudloff
9af922f3f1 Add Smarty collector to debug bar 2021-02-07 00:03:37 +01:00
Pierre Rudloff
bba5090ec3 We can't be sure of the class of the logger 2021-02-06 18:22:19 +01:00
Pierre Rudloff
5c0ed594f3 Debug bar 2021-02-06 15:35:09 +01:00
Pierre Rudloff
58f79c5012 Use enlightn/security-checker instead of sensiolabs/security-checker (fixes #342) 2021-02-02 21:26:26 +01:00
Pierre Rudloff
5d550a100d Disable coverage in phpunit
It causes an error on Travis and it is not used anymore
2021-02-02 00:27:24 +01:00
Pierre Rudloff
077bb4762e Merge branch 'master' into develop 2021-02-01 21:27:07 +01:00
prog-it
03d6a59b26
Russian translation (#341) 2021-02-01 21:26:23 +01:00
Pierre Rudloff
05311ac7b6 Add return types 2020-12-17 22:49:21 +01:00
Pierre Rudloff
f2785bca03 Clear Smarty compiled templates before controller tests
In order to avoid permission errors
2020-12-17 22:30:19 +01:00
Pierre Rudloff
9921b6210f Merge tag '3.0.0-beta5' into develop
Composer 2 compatibility
Updated youtube-dl to 2020.11.12
Make sure locale is always set, even on first request
2020-12-17 20:07:44 +01:00
Pierre Rudloff
c9aa41d206 Merge branch 'release-3.0.0-beta5' 2020-12-17 20:06:09 +01:00
Éric Gaspar
a5bda1d35e
Fix small typos (#333)
* Fix small typos

- *Fix cap on YouTube, AllTube...*

* Fix YouTube cap
2020-12-05 15:00:46 +01:00
Pierre Rudloff
f2bef49ad6 fixup! Make sure locale is always set, even on first request 2020-11-21 14:38:37 +01:00
Pierre Rudloff
f184bda59b Make sure locale is always set, even on first request 2020-11-21 14:20:01 +01:00
Pierre Rudloff
05959b17f0 Upgrade grumphp to 1.1
In order to improve output in CI
2020-11-16 23:31:18 +01:00
Pierre Rudloff
b5a585443a fixup! The youtube-dl repository is back 2020-11-16 23:28:36 +01:00
Pierre Rudloff
81e42057f9 Upgrade composer-dangling-locked-deps to 0.2.1
To fix Composer 2 compatibility
2020-11-16 23:21:32 +01:00
Pierre Rudloff
a800a058fa The youtube-dl repository is back 2020-11-16 20:48:03 +01:00
Pierre Rudloff
2d1d69a1f1 Refactor some Robo code 2020-11-16 20:45:49 +01:00
Tripp Sanders
bd2b72721f
Remove an extra S (#328)
* Remove an extra s

* Remove a few extra S’s
2020-11-08 19:53:42 +01:00
Pierre Rudloff
c844d3bf74 Merge tag '3.0.0-beta4' into develop
Fixed the CSP because it was breaking downloads on Chrome (#327)
Upgraded youtube-dl to 2020.11.01.1 (#326)
2020-11-04 23:08:02 +01:00
Pierre Rudloff
f6d3a72c31 Merge branch 'release/3.0.0-beta4' 2020-11-04 23:05:51 +01:00
Pierre Rudloff
c0b2acf33e Don't restrict forms in CSP (#327) 2020-11-04 23:03:39 +01:00